Formalizing Attack Trees for a SCADA System - PowerPoint PPT Presentation

1 / 18
About This Presentation
Title:

Formalizing Attack Trees for a SCADA System

Description:

1. Formalizing Attack Trees. for a SCADA System. Krishna Mohan Moleyar. Dr. Ann Miller ... Approaching the Solution GSN. Example Scenario. SCADA Attack Tree ... – PowerPoint PPT presentation

Number of Views:378
Avg rating:3.0/5.0
Slides: 19
Provided by: KRIS298
Category:

less

Transcript and Presenter's Notes

Title: Formalizing Attack Trees for a SCADA System


1
Formalizing Attack Treesfor a SCADA System
  • Krishna Mohan Moleyar
  • Dr. Ann Miller
  • University of Missouri - Rolla

2
Outline
  • Abstract
  • The Problem
  • Approaching the Solution GSN
  • Example Scenario
  • SCADA Attack Tree Demonstration
  • Conclusion and Future Work

3
Abstract
  • Goal To develop a formal method for documenting
    information security attacks on critical
    infrastructure in a structured and reusable form.
  • Approach Use of Goal Structuring Notation (GSN)
  • Project demonstrates the use of GSN in
    representing attack trees such that its
    applicability to other types of Assurance Cases
    can be viably considered.

4
Backbone
  • A generic attack tree backbone was developed
    which enumerates and elaborates the ways in which
    an attacker can compromise a SCADA system in
    order to accomplish his mission.

5
The Problem
  • The attack attributes should be able to associate
    risk with an attack and ease the process of
    analysis
  • One Solution A more structured language for
    documenting identified attack patterns.

6
Goal Structuring Notation
7
Tool Support
  • We have used the Adelard Safety Case Environment
    (ASCE V3.5) to generate our GSN attack trees.
  • The trial version of the tool is freely available
    at the Adelard website http//www.adelard.com

8
Issues that a GSN based Attack Tree addresses
  • Risk imposed on a system in case of a successful
    attack (1-5)
  • Technical difficulty and cost of the attack (1-5)
  • Likelihood of attack success (Low, Med, High)
  • Approach to draw conclusions from the attack graph

9
Risk Assessment Value At Risk (VAR)
  • Dependencies
  • Value for the attacker
  • Technical difficulty and cost of the attack
  • Likelihood of attack occurrence and success
  • Countermeasures
  • Traceability
  • Recovery mechanisms
  • Impact

10
Example Scenario
  • Officer X belonging to company XYZ is going to
    type and send some sensitive, confidential
    information to Officer Y via electronic mail -
    context
  • Top Goal of the attacker is to read the
    confidential information sent through E-mail.
  • Assumption is that the attacker knows the
    context and has profiled both Officers.
  • The strategy to achieve this goal is to analyze
    the underlying context and find a suitable method
    to obtain required information with available
    resources. The attacker will want to concentrate
    on minimizing cost and technical difficulty,
    while maximizing the probability of attack
    success.

11
Simplified GSN Attack Tree for the Scenario
12
Attack Tree for a SCADA System
  • This attack tree framework is in a generalized
    format which may be reused and referenced by
    security analysts while assessing their
    individual systems.

13
High Level Backbone
14
Backbone Electronic Attack
15
SCADA Attack Tree Demonstration
  • HTML version
  • http//web.umr.edu/km7w2/SCADAattackTree/

16
Conclusion
  • Successfully creating an attack tree is not a
    complete solution for system security.
  • Once we create a model of ways the system can be
    attacked, next step would be to predict how the
    enemies will attack by comparing their
    capabilities with the systems vulnerabilities,
    and estimating the benefits they will obtain from
    each attack.
  • The findings of this analysis can be used to
    propose a strategy of countermeasures.
  • An attack tree may always be compared with an
    assurance case to find any loop holes in the
    systems security.

17
Future Work
  • We have developed the example attack tree for a
    small robot system in our factory automation
    laboratory.
  • Future work should refine and validate the
    practicality and scalability of the approach
    through its application to several real-world
    examples.
  • A broad range of attack profiles must be analyzed
    and the results must be documented over the
    developed backbone so that commonly occurring
    attack patterns may be reviewed to develop more
    survivable systems.

18
Comments or Questions?
Thank You!
Write a Comment
User Comments (0)
About PowerShow.com